Update Securing a server, authored by LaplongeJunior
...@@ -27,6 +27,7 @@ Threat 2 : Privilege escalation ...@@ -27,6 +27,7 @@ Threat 2 : Privilege escalation
Fix : non-root users must *never* be able to run their own scripts Fix : non-root users must *never* be able to run their own scripts
2b) Someone with write access in one folder can scp a binary with the X permission 2b) Someone with write access in one folder can scp a binary with the X permission
Fix : non-root users must *never* have write permissions (o-w, g-w, u-w) Fix : non-root users must *never* have write permissions (o-w, g-w, u-w)
Exception : write users can exist if the access is only by ftp, on servers where no "user shell" exploits exist. In this specific, sudo must be modified to make sure guest can only log as root, and not as write users
2c) There's no way to delete "guest" 2c) There's no way to delete "guest"
Fix : a group-less user should have *absolutely* no permissions (u-r, u-w, u-x) Fix : a group-less user should have *absolutely* no permissions (u-r, u-w, u-x)
... ...
......
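Review bot: The added "Exception" line under 2b leaves its two conditions unenforceable as written. It says access is "only by ftp" and that "sudo must be modified", but it names neither the setting that keeps write users from getting a shell nor the sudoers rule that limits guest to root as the only target user. Spell both out so a reader can check them on a real server. "Servers where no 'user shell' exploits exist" is also not something an administrator can verify, so tie the exception to a concrete property instead, for example that the write users have no login shell. Two smaller points: "In this specific" is missing a noun ("In this specific case"), and the Fix line just above still says non-root users must *never* have write permissions, which the exception now contradicts. Reword that Fix line to point at the exception.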